[rpms/gdb] gdb-17.2-rebase-f44: Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/gdb] gdb-17.2-rebase-f44: Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (
@ 2026-06-28  0:01 
  0 siblings, 0 replies; only message in thread
From:  @ 2026-06-28  0:01 UTC (permalink / raw)
  To: git-commits

          A new commit has been pushed.

          Repo   : rpms/gdb
          Branch : gdb-17.2-rebase-f44
          Commit : fec73092bb4319882628579f01491de5d9542d2c
          Author : Alexandra Hájková <ahajkova@redhat.com>
          Date   : 2023-10-01T11:38:40+02:00
          Stats  : +125/-1 in 5 file(s)
          URL    : https://src.fedoraproject.org/rpms/gdb/c/fec73092bb4319882628579f01491de5d9542d2c?branch=gdb-17.2-rebase-f44

          Log:
          Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (

CVE-2022-48065).

---
diff --git a/_gdb.spec.Patch.include b/_gdb.spec.Patch.include
index 3ad950e..c4e21fe 100644
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@@ -210,3 +210,6 @@ Patch047: gdb-bz2237392-dwarf-obstack-allocation.patch
 # avoids section size sanity check.
 Patch048: gdb-rhbz2233961-CVE-2022-4806.patch
 
+# Backport PR29925, Memory leak in find_abstract_instance
+Patch049: gdb-rhbz2233965-memory-leak.patch
+

diff --git a/_gdb.spec.patch.include b/_gdb.spec.patch.include
index ef55dd0..2ca0c1f 100644
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@@ -46,3 +46,4 @@
 %patch -p1 -P046
 %patch -p1 -P047
 %patch -p1 -P048
+%patch -p1 -P049

diff --git a/_patch_order b/_patch_order
index f8f4cf3..27ac848 100644
--- a/_patch_order
+++ b/_patch_order
@@ -46,3 +46,4 @@ gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 gdb-bz2237515-debuginfod-double-free.patch
 gdb-bz2237392-dwarf-obstack-allocation.patch
 gdb-rhbz2233961-CVE-2022-4806.patch
+gdb-rhbz2233965-memory-leak.patch

diff --git a/gdb-rhbz2233965-memory-leak.patch b/gdb-rhbz2233965-memory-leak.patch
new file mode 100644
index 0000000..004ba3b
--- /dev/null
+++ b/gdb-rhbz2233965-memory-leak.patch
@@ -0,0 +1,115 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?= <ahajkova@redhat.com>
+Date: Sun, 1 Oct 2023 10:36:06 +0200
+Subject: gdb-rhbz2233965-memory-leak.patch
+
+;; Backport PR29925, Memory leak in find_abstract_instance
+
+PR29925, Memory leak in find_abstract_instance
+
+The testcase in the PR had a variable with both DW_AT_decl_file and
+DW_AT_specification, where the DW_AT_specification also specified
+DW_AT_decl_file.  This leads to a memory leak as the file name is
+malloced and duplicates are not expected.
+
+I've also changed find_abstract_instance to not use a temp for "name",
+because that can result in a change in behaviour from the usual last
+of duplicate attributes wins.
+
+	PR 29925
+	* dwarf2.c (find_abstract_instance): Delete "name" variable.
+	Free *filename_ptr before assigning new file name.
+	(scan_unit_for_symbols): Similarly free func->file and
+	var->file before assigning.
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -3441,7 +3441,6 @@ find_abstract_instance (struct comp_unit *unit,
+   struct abbrev_info *abbrev;
+   uint64_t die_ref = attr_ptr->u.val;
+   struct attribute attr;
+-  const char *name = NULL;
+ 
+   if (recur_count == 100)
+     {
+@@ -3602,9 +3601,9 @@ find_abstract_instance (struct comp_unit *unit,
+ 		case DW_AT_name:
+ 		  /* Prefer DW_AT_MIPS_linkage_name or DW_AT_linkage_name
+ 		     over DW_AT_name.  */
+-		  if (name == NULL && is_str_form (&attr))
++		  if (*pname == NULL && is_str_form (&attr))
+ 		    {
+-		      name = attr.u.str;
++		      *pname = attr.u.str;
+ 		      if (mangle_style (unit->lang) == 0)
+ 			*is_linkage = true;
+ 		    }
+@@ -3612,7 +3611,7 @@ find_abstract_instance (struct comp_unit *unit,
+ 		case DW_AT_specification:
+ 		  if (is_int_form (&attr)
+ 		      && !find_abstract_instance (unit, &attr, recur_count + 1,
+-						  &name, is_linkage,
++						  pname, is_linkage,
+ 						  filename_ptr, linenumber_ptr))
+ 		    return false;
+ 		  break;
+@@ -3622,7 +3621,7 @@ find_abstract_instance (struct comp_unit *unit,
+ 		     non-string forms into these attributes.  */
+ 		  if (is_str_form (&attr))
+ 		    {
+-		      name = attr.u.str;
++		      *pname = attr.u.str;
+ 		      *is_linkage = true;
+ 		    }
+ 		  break;
+@@ -3630,8 +3629,11 @@ find_abstract_instance (struct comp_unit *unit,
+ 		  if (!comp_unit_maybe_decode_line_info (unit))
+ 		    return false;
+ 		  if (is_int_form (&attr))
+-		    *filename_ptr = concat_filename (unit->line_table,
+-						     attr.u.val);
++		    {
++		      free (*filename_ptr);
++		      *filename_ptr = concat_filename (unit->line_table,
++						       attr.u.val);
++		    }
+ 		  break;
+ 		case DW_AT_decl_line:
+ 		  if (is_int_form (&attr))
+@@ -3643,7 +3645,6 @@ find_abstract_instance (struct comp_unit *unit,
+ 	    }
+ 	}
+     }
+-  *pname = name;
+   return true;
+ }
+ 
+@@ -4139,8 +4140,11 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+ 		case DW_AT_decl_file:
+ 		  if (is_int_form (&attr))
+-		    func->file = concat_filename (unit->line_table,
+-						  attr.u.val);
++		    {
++		      free (func->file);
++		      func->file = concat_filename (unit->line_table,
++						    attr.u.val);
++		    }
+ 		  break;
+ 
+ 		case DW_AT_decl_line:
+@@ -4182,8 +4186,11 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+ 		case DW_AT_decl_file:
+ 		  if (is_int_form (&attr))
+-		    var->file = concat_filename (unit->line_table,
+-						 attr.u.val);
++		    {
++		      free (var->file);
++		      var->file = concat_filename (unit->line_table,
++						   attr.u.val);
++		    }
+ 		  break;
+ 
+ 		case DW_AT_decl_line:

diff --git a/gdb.spec b/gdb.spec
index 527cd6e..0a572db 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -57,7 +57,7 @@ Version: 13.2
 
 # The release always contains a leading reserved number, start it at 1.
 # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing.
-Release: 9%{?dist}
+Release: 10%{?dist}
 
 License: GPL-3.0-or-later AND BSD-3-clause AND FSFAP AND LGPL-2.1-or-later AND GPL-2.0-or-later AND LGPL-2.0-or-later AND LicenseRef-Fedora-Public-Domain AND GFDL-1.3-or-later AND LGPL-2.0-or-later WITH GCC-exception-2.0 AND GPL-3.0-or-later WITH GCC-exception-3.1 AND GPL-2.0-or-later WITH GNU-compiler-exception
 # Do not provide URL for snapshots as the file lasts there only for 2 days.
@@ -1252,6 +1252,10 @@ fi
 %endif
 
 %changelog
+* Sun Oct 1 2023 Alexandra Hájková <ahajkova@redhat.com> - 13.2-10
+- Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (
+  CVE-2022-48065).
+
 * Thu Sep 28 2023 Kevin Buettner <kevinb@redhat.com>
 - Remove gdb-6.5-sharedlibrary-path.patch, which was upstreamed in
   commit 3ec033fab4a.

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-28  0:01 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-28  0:01 [rpms/gdb] gdb-17.2-rebase-f44: Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox